Difference between revisions of "Nhmbif"

From nhm.sfs.gbif
Jump to: navigation, search
 
(8 intermediate revisions by the same user not shown)
Line 1: Line 1:
 +
nhmbif is a virtual machine running RHEL 7.3
 +
 
== List of services ==
 
== List of services ==
  
Line 8: Line 10:
 
* [https://data.gbif.no/dwcexcel/ Generate your own DwC templates]
 
* [https://data.gbif.no/dwcexcel/ Generate your own DwC templates]
 
* [https://data.gbif.no/repatriated/ Norwegian GBIF data from nodes outside Norway] (updated every month)
 
* [https://data.gbif.no/repatriated/ Norwegian GBIF data from nodes outside Norway] (updated every month)
* [https://data.gbif.no/ipt/ Our IPT instance]
+
* [https://data.gbif.no/ipt/ GBIF.no's IPT instance]
* [https://data.gbif.no/resolver/ Our resolver]
+
* [https://data.gbif.no/resolver/ GBIF.no's resolver], and plzresolve, which parses a DwC-A and adds data to the resolver.
 
* A MySQL server (hosting specify databases and some IPT datasets)
 
* A MySQL server (hosting specify databases and some IPT datasets)
 
* dwclean, a script run every night. Grabs data from MUSIT, cleans it and delivers it to our IPT.
 
* dwclean, a script run every night. Grabs data from MUSIT, cleans it and delivers it to our IPT.
 
* sgraf (Don't know what this does but it has something to do with geology)
 
* sgraf (Don't know what this does but it has something to do with geology)
 
* ffserver and ffmpeg, for live streaming museum events
 
* ffserver and ffmpeg, for live streaming museum events
 +
 +
== IPT upgrades ==
 +
 +
* Make sure to back up the data directories – <tt>/site/gbif/ipt</tt> and <tt>/site/gbif/sandbox</tt>
 +
* Download the [https://gbif.org/ipt/ Latest version of the IPT]
 +
* Upload the latest version of the .war file (ipt-x-x-x.war) using the tomcat web interface
 +
** Alternatively, stop tomcat (<tt>service tomcat stop</tt>, copy the latest version of the IPT (ipt-x.x.x.war) to <tt>/var/lib/tomcat/webapps/ipt-sandbox.war</tt> and <tt>/var/lib/tomcat/webapps/ipt.war</tt> and restart tomcat (<tt>service tomcat start</tt>)
 +
* Follow the on-screen instructions [https://data.gbif.no/ipt] [https://data.gbif.no/ipt-sandbox] to complete the upgrade
  
 
== Renewing SSL certificates ==
 
== Renewing SSL certificates ==
  
 
We use [https://github.com/lukas2511/dehydrated dehydrated] to renew the letsencrypt certificates for data.gbif.no.
 
We use [https://github.com/lukas2511/dehydrated dehydrated] to renew the letsencrypt certificates for data.gbif.no.
Everything should just happen automatically (on the 1st of every month), but if something goes wrong, simply run <tt>/opt/bin/renew</tt> to renew the certificates, and remember to restart the web server.
+
Everything should just happen automatically (on the 1st of every month), but if something goes wrong, simply run <tt>/opt/bin/renew</tt> to renew the certificates. This script will also concatenate privkey.pem and cert.pem so lighttpd can use the certificates.
 +
Remember to restart lighttpd!
  
 
== Troubleshooting ==
 
== Troubleshooting ==
Line 26: Line 37:
 
* Is tomcat running? If not, do <tt>service tomcat start</tt>
 
* Is tomcat running? If not, do <tt>service tomcat start</tt>
 
* Is lighttpd running? If not, do <tt>lighttpd -f /etc/lighttpd/lighttpd.conf</tt>
 
* Is lighttpd running? If not, do <tt>lighttpd -f /etc/lighttpd/lighttpd.conf</tt>
 +
 +
=== IPT/Tomcat is not allowed to write to the IPT data directory ===
 +
 +
Probably an SELinux thing - try the following:
 +
 +
* <tt>grep tomcat /var/log/audit/audit.log | audit2allow -M ipt</tt>
 +
* <tt>semodule -i ipt.pp</tt>

Latest revision as of 02:39, 2 April 2018

nhmbif is a virtual machine running RHEL 7.3

List of services

The following services are provided on nhmbif (incomplete list):

IPT upgrades

  • Make sure to back up the data directories – /site/gbif/ipt and /site/gbif/sandbox
  • Download the Latest version of the IPT
  • Upload the latest version of the .war file (ipt-x-x-x.war) using the tomcat web interface
    • Alternatively, stop tomcat (service tomcat stop, copy the latest version of the IPT (ipt-x.x.x.war) to /var/lib/tomcat/webapps/ipt-sandbox.war and /var/lib/tomcat/webapps/ipt.war and restart tomcat (service tomcat start)
  • Follow the on-screen instructions [1] [2] to complete the upgrade

Renewing SSL certificates

We use dehydrated to renew the letsencrypt certificates for data.gbif.no. Everything should just happen automatically (on the 1st of every month), but if something goes wrong, simply run /opt/bin/renew to renew the certificates. This script will also concatenate privkey.pem and cert.pem so lighttpd can use the certificates. Remember to restart lighttpd!

Troubleshooting

Help, the IPT is down!!!

  • Is tomcat running? If not, do service tomcat start
  • Is lighttpd running? If not, do lighttpd -f /etc/lighttpd/lighttpd.conf

IPT/Tomcat is not allowed to write to the IPT data directory

Probably an SELinux thing - try the following:

  • grep tomcat /var/log/audit/audit.log | audit2allow -M ipt
  • semodule -i ipt.pp